Chapter 15: Advanced Configuration
15.8.3 Installing the key and certificate
The recommended method for copying files securely to the Console Server unit is with an SCP (Secure Copying Protocol)
client. The scp utility is distributed with OpenSSH for most Unix distributions while Windows users can use something like the
PSCP command line utility available with PuTTY.
The files created in the steps above can be installed remotely with the scp utility as follows:
scp ssl_key.pem root@<address of unit>:/etc/config/
scp ssl_cert.pem root@<address of unit>:/etc/config/
or using PSCP:
pscp -scp ssl_key.pem root@<address of unit>:/etc/config/
pscp -scp ssl_cert.pem root@<address of unit>:/etc/config/
PuTTY and the PSCP utility can be downloaded from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
More detailed documentation on the PSCP can be found:
http://the.earth.li/~sgtatham/putty/0.58/htmldoc/Chapter5.html#pscp
15.8.4 Launching the HTTPS Server
Note that the easiest way to enable the HTTPS server is from the web Management Console. Simply click the appropriate
checkbox in Network: Services: HTTPS Server and the HTTPS server will be activated (assuming the ssl_key.pem & ssl_cert.
pem files exist in the /etc/config directory).
Alternatively inetd can be configured to launch the secure fnord server from the command line of the unit as follows.
Edit the inetd configuration file. From the unit command line:
vi /etc/config/inetd.conf
Append a line:
443 stream tcp nowait root sslwrap -cert /etc/config/ssl_cert.pem -key /etc/config/ssl_key.pem -exec /bin/httpd
/home/httpd"
Save the file and signal inetd of the configuration change.
kill -HUP `cat /var/run/inetd.pid`
The HTTPS server should be accessible from a web client at a URL similar to this: https://<common name of unit>
More detailed documentation about the openssl utility can be found at the website: http://www.openssl.org/
228